Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
1 changed file
with
72 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -0,0 +1,72 @@ | ||
| --- | ||
|
|
||
| released: false | ||
| apache: true | ||
| title: 3.2.1 | ||
| date: 2021-12-16 | ||
| summary: > | ||
| Upgrade dependencies to fix CVE-2021-44228 (Log4J) | ||
| and CVE-2021-33813 (JDOM). | ||
| Fix unparse checksum and CRC capability ({% jira 2609 %}) | ||
| artifact-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/" | ||
| checksum-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/" | ||
|
|
||
| key-file: "https://downloads.apache.org/daffodil/KEYS" | ||
|
|
||
| source-dist: | ||
| - "apache-daffodil-3.2.1-src.zip" | ||
|
|
||
| binary-dist: | ||
| - "apache-daffodil-3.2.1-bin.tgz" | ||
| - "apache-daffodil-3.2.1-bin.zip" | ||
| - "apache-daffodil-3.2.1-bin.msi" | ||
| - "apache-daffodil-3.2.1-1.noarch.rpm" | ||
|
|
||
| scala-version: 2.12 | ||
| --- | ||
|
|
||
| #### Security Improvements | ||
|
|
||
| This release fixes two security CVEs by updating dependency versions. | ||
|
|
||
| * {% jira 2610 %} Update log4J dependency to fix CVE-2021-44228 | ||
| * {% jira 2611 %} Update JDOM dependency to fix CVE-2021-33813 | ||
|
|
||
| #### Functional Improvements | ||
|
|
||
| A major feature, layering transforms with checksum/CRC capability, which was planned for the prior release (3.2.0) was found to be buggy when unparsing. | ||
| This has been fixed. | ||
|
|
||
| * {% jira 2608 %} PCAP fails with Daf 3.2.0 and IPv4 layers with checksum | ||
|
|
||
| #### Miscellaneous Changes | ||
|
|
||
| * {% jira 2577 %} remove Info message about compiler component counts | ||
| * {% jira 2145 %} Add scalac warnings | ||
| * {% jira 2592 %} Move the daffodil_program_version variable outside of generated_code.c | ||
| * {% jira 2534 %} Update ICU version - verify Daffodil impact of bug issue identified by IBM | ||
| * {% jira 2587 %} dfdlx:lookAhead compiler error if used in default value of dfdl:newVariableInstance | ||
| * {% jira 2600 %} encoding varies with environment - UTF-8 not properly set somewhere | ||
| * {% jira 2602 %} Daffodil uses different versions of log4j-api and log4j-core | ||
|
|
||
| #### Deprecation/Compatibility | ||
|
|
||
| There are no deprecations. This release is fully compatible with all functionality of the prior release. | ||
|
|
||
| #### Dependency Changes | ||
|
|
||
| The following dependencies have been added or updated | ||
|
|
||
| **Core** | ||
|
|
||
| * Log4j core 2.16.0 <small>(update)</small> | ||
| * Log4j api 2.16.0 <small>(update)</small> | ||
| * JDOM2 2.0.6.1 <small>(update)</small> | ||
|
|
||
| **Code Generator (runtime2)** | ||
|
|
||
| * OS-Lib 0.8.0 <small>(update)</small> | ||
|
|
||
|
|